
Debian Leaders: We Need to Release More Often

daria42 writes "The lack of a new stable release of Debian GNU/Linux since July 2002 is fuelling the campaigns of many candidates for the project's Debian Project Leader role, with many pushing for a shorter and more stable release cycle to stop Linux users heading for greener and more updated pastures."
  • Re:This is comical.. (Score:2, Informative)

    by ta bu shi da yu ( 687699 ) on Friday March 18, 2005 @01:01AM (#11972762) Homepage
    Nope. This is correct.
  • by Red Alastor ( 742410 ) on Friday March 18, 2005 @01:14AM (#11972834)
    Try Ubuntu. They have a release cycle of 6 months and the next release due in April is Gnome / KDE. You can even get the preview release now.
  • Re:Duh... (Score:5, Informative)

    by Soko ( 17987 ) on Friday March 18, 2005 @01:14AM (#11972838) Homepage
    IMVHO, ubuntu [ubuntulinux.org] is Debian Done Right.

    Check it out - I'm certain that they'd like the help of a high profile advocate like Bruce Perens.

  • Re:Duh... (Score:5, Informative)

    by Bruce Perens ( 3872 ) <bruce@perens.com> on Friday March 18, 2005 @01:16AM (#11972856) Homepage Journal
    It's ready to go, as soon as Debian makes their release.


  • by cperciva ( 102828 ) on Friday March 18, 2005 @01:23AM (#11972889) Homepage
    I can see the need for keeping ahead of security bugs...

    Speaking of which... *tap* *tap* is this thing turned on? Is anyone from the Debian security team listening? I've got a security issue here... I've e-mailed vendor-sec (3 weeks ago)... I've e-mailed debian-security-private directly (1.5 weeks ago)... are you guys planning on responding some time this month?

    (Yes, I'm entirely serious. Slashdot isn't my preferred channel for communicating with other security teams, but the usual mechanisms seem to have failed, and I figure that there must be at least a few Debian people reading this story.)
  • Re:This is comical.. (Score:2, Informative)

    by LordoftheWoods ( 831099 ) on Friday March 18, 2005 @01:30AM (#11972930)
    Oh, and I forgot to add.

    Unstable - changes often

    for any slow people out there. English, anyone?
  • by Storlek ( 860226 ) on Friday March 18, 2005 @01:37AM (#11972974)
    As I said here [slashdot.org], it might act like Debian, but Debian it's not.

    A notable problem with using "spinoff" distributions is package compatibility. Can I install any .deb package on Ubuntu without possibly causing binary version problems? Similarly, can I build a package on Ubuntu, give it to a Debian user, and be sure that it'll work properly on their system?

    This is a problem with rpm-based distributions; I don't know if apt handles it in a smarter way than rpm, but I've been burned by it and I'm hesitant to try and see. While on the surface everything may seem to function properly, you never know when doing something seemingly innocent like installing or upgrading a package can open up a huge can of worms. I know; I tried installing some packages from my Mandrake 8.2 CDs on a Red Hat system. The first couple worked without any problems, but I tried installing another package that happened to mess with some other file that was already on the system, and it broke several other seemingly unrelated programs.
  • Re:well.. (Score:2, Informative)

    by dondelelcaro ( 81997 ) <don@donarmstrong.com> on Friday March 18, 2005 @01:41AM (#11972989) Homepage Journal
    The test versions of Debian are released weekly, and from my experience they work perfectly fine.
    Testing gets updated daily, not weekly. (Katie runs at least every 24 hours and the mirror pulse happens soon afterwards.)

    You're probably referring to d-i which does have snapshots which get updated every now and then, but it itself is updated all the time.
  • by Pandora's Vox ( 231969 ) on Friday March 18, 2005 @01:46AM (#11973015) Homepage Journal
    Debian and Ubuntu are currently similar enough that i have yet to hear of this happening, though i'm sure it's possible. note that the ubu dev model is something like this: snapshots of debian unstable every 6 months, with fixes applied and fed back into "vanilla" debian. as such i think that we're going to continue to see them being very similar.

  • by linguae ( 763922 ) on Friday March 18, 2005 @02:04AM (#11973110)

    If you're willing to switch to a different OS altogether, try FreeBSD. FreeBSD has a Package and Ports system. Packages are pre-compiled binaries that can be fetched and installed, and Ports is a way of installing software through source.

    To install Firefox, for example, you can type pkg_add -r firefox, and it would fetch a Firefox binary from the FreeBSD servers and install it from your system. If you prefer to compile Firefox, just cd to /usr/ports/www/firefox and type make install clean. It would automatically fetch the latest Firefox sources and compile them. Ports also resolves dependencies too; if GTK 2.4 or later isn't installed on the system (which Firefox requires), it will also fetch and compile the latest GTK if it isn't installed on the system.

    It is also pretty easy to upgrade all of your packages and ports, too.

    There are three ways that you can get FreeBSD. Every 5-6 months there is a FreeBSD release (FreeBSD-RELEASE). For example, FreeBSD 5.3 came out last November, and a FreeBSD 5.4 release is slated for April. However, if you want a more upgraded version and track development, there are two directions you can go: FreeBSD-CURRENT and FreeBSD-STABLE. CURRENT is the development branch that adds and tests new features, while STABLE includes the finished features, ready for one of the RELEASES.

    You can find out more about FreeBSD here [freebsd.org]. It has many of the features that you like in Debian, except updated much more often. Only thing to tell you is that FreeBSD isn't Linux; there are some key differences between the two operating systems that you should be aware of.

  • Re:Duh... (Score:5, Informative)

    by Bruce Perens ( 3872 ) <bruce@perens.com> on Friday March 18, 2005 @02:42AM (#11973239) Homepage Journal
    It's not as if I don't work for Debian. Today I am a volunteer on their corporate board and represent them to various standards organizations. More of my time is devoted to working for the entire Free Software community, and I flew 50K miles last year to represent Free Software, doing things like speaking against software patenting at the EU parliament in Brussels, keynoting a GNOME conference in Norway, lobbying in Washington D.C., teaching law students in Hawaii, and briefing reporters at every LinuxWorld show.

    Historically, I am the author of Debian's fundamental policy document and did a lot of the early work on their system.

    I've paid my dues a few times over.


  • Re:Duh... (Score:5, Informative)

    by natrius ( 642724 ) * <`niran' `at' `niran.org'> on Friday March 18, 2005 @02:43AM (#11973242) Homepage
    Newer packages, a wiki [ubuntulinux.org] full of documentation, a supportive community and nice package management programs (in the development version). Note that the only one of these that Debian can't have at this point is a stable set of up to date packages. Everything Ubuntu does is shared with Debian.

    When comparing Ubuntu with other distributions than Debian, things are a bit different. One of the selling points for Ubuntu for me is that it's developed by a community and has a central package repository. It's been a while since I used a non-Debian distro, so I'm sure much of this has changed, but when I used Red Hat and Mandrake, there was either nothing that compared, or it wasn't visible enough. Assuming that other distros have that now, there's the deb vs. rpm issue depending on which one you prefer. The main issue is that you're never considered a second class citizen in Ubuntu. The other distros have commercial versions with special software and updates you don't have access to. With Ubuntu, everything is free, and they've made a commitment to always remain free.
  • Re:this just in... (Score:4, Informative)

    by dondelelcaro ( 81997 ) <don@donarmstrong.com> on Friday March 18, 2005 @02:46AM (#11973259) Homepage Journal
    Face it, trying to stabilize the exact same set of 2000 packages across 11 architectures is valiant but foolhardy. The solution is obvious -- reduce the number of packages and number of archs.
    Surprisingly, this actually hasn't been a major blocker for quite some time. If any of the superfluous packages can't get their act together to be in a releasable state, they are summarily removed from testing.

    The actual blocker for the past 6 months or so has been the testing-security support. Before that, it was the fact that we didn't have a working installer.
  • Re:this just in... (Score:5, Informative)

    by dondelelcaro ( 81997 ) <don@donarmstrong.com> on Friday March 18, 2005 @03:01AM (#11973314) Homepage Journal
    Okay. So, again, why did it take three releases to realize something was wrong?
    It didn't.

    After potato was released, Anthony Towns implemented testing in an attempt to keep testing in a releasable state always, so releases could occur more rapidly. That helped, but still didn't really fix the problem.

    After woody was released, security support and the installer were serious problems that had stalled the release of woody for quite some time, so more effort was placed into those areas to create a working installer along with a decent security infrastructure. That has helped as well. However, it took quite a while for those to be implemented.

    Now that sarge is on the verge of being released, people are analyzing the situation again to try to figure out what else should be done to fix the problem. The Vancouver Prospectus [debian.org] is an attempt to solve what have been identified as the problems for etch.

    you and other Debian people have thrown up your hands and said, "augh, look at this mess, it's huge, complex! We can't possibly fix this mess!
    No, as you can see above, specific things have been attempted to solve the problem. They haven't succeeded, clearly, but it's not for lack of trying them.
    If it's so hard to make a useful distribution, why did we see a veritable explosion of distributions (some of them based off Debian) in the time Debian hasn't released a single stable version?
    Distributions based on Debian are rather easy to make, frankly, especially if you're going to standardize on a specific set of packages and only support them. It helps as well if you can throw money at the problem and hire people to work on specific problems. Point in fact, none of the not-for-profit Debian based distributions have ever actually released a stable distribution and supported the entire stable distribution for a whole product life cycle. They have different goals for the releases that they make than Debian does, which is quite acceptable for them. [Nothing is stopping anyone from taking a specific version of testing, calling it "stable" and supporting it. The fact that no one has should tell you something.]
  • by evilviper ( 135110 ) on Friday March 18, 2005 @03:11AM (#11973337) Journal
    Just 'emerge packagename' and the package is downloaded and installed.

    I'll call bullshit on that.

    Portage has great potential, but it's far from usable yet. Right now, after the first time you've done an 'emerge sync' (put simply, to update the ebuild list), installing any program is likely to result in portage downloading a brand-new kernel, even if you've got 20 different versions installed.

    XMMS might be a good example. It (optionally) depends on alsa, and alsa requires the kernel source to compile its modules. Well guess what? Your installed version of alsa is no longer the latest version available, so it has to be installed again, and your kernel source is no longer the latest either, so that is going to be downloaded and installed too.

    This is a basic example. If you want to update one program that depends on gnome/kde libs, good luck, because the latest version of EVERYTHING is going to be downloaded, compiled, and installed. When you come back a day later, it will still be compiling, and filling up your hard drive, unless you are very careful and manually resolve these conflicts.

    It's incredibly infuriating. It can be worked-around by manually editing the config files of each ebuild you want to install (and they aren't just simple little text files, either.) but in my opinion, compiling a handful of packages from source in the first place, is infinitely easier.

    In case anyone is wondering, I've gone back to slackware after my failed 1+ year experiment with Gentoo.
  • by IntergalacticWalrus ( 720648 ) on Friday March 18, 2005 @03:48AM (#11973457)
    Allow me to return your bullshit call. emerge only updates dependencies if you specify the --update/-u option. And yes, you can update a program without that option. In that case, it will just update the specified program, period. There. No dependencies pulled, that is unless there's something new in the dependencies that needs to be added or updated.
  • by ic3p1ck ( 597610 ) on Friday March 18, 2005 @04:09AM (#11973510)
    My only complaint is that the testing version of Debian is updated a bit too often. I dislike having to get 10-20MB of packages every week to keep up just in case there are some security updates included (Debian security notifications are only done for the stable release).

    I would prefer something in between stable and testing, updated reasonably often with new packages (and features) and also have security releases in between as required.
  • Re:Except... (Score:2, Informative)

    by Anonymous Coward on Friday March 18, 2005 @05:01AM (#11973675)
    > The point of this post is just to say stable != extremely out of
    > date. stability is just well-tested, well-written code.

    One thing to note is Debian's stable is meant to be not just rock-solid, but also "unchanging" stable. Both meanings of the word apply.

    Meaning if you install a debian stable, it absolutely positively will not change, except for security bug fixes. It'll be the same system now, tomorrow, in six weeks, and in six months. You won't get a feature change on a debian stable system that messes with your server that may very well RELY on those features acting as they do.

    Unfortunately having it stretched out to "unchanging for 3 years" is far too long. I'd like to see 18 months absolute maximum.
  • pinning (Score:2, Informative)

    by LordMyren ( 15499 ) on Friday March 18, 2005 @05:17AM (#11973721) Homepage
    debian's package management system includes the ability to pin. that is, to attach various repositories/package trees of varying distributions with varying priorities. all my systems start stable and quickly receive a good number of testing grade packages. because of dependencies, this means my system is usually ~50/50 stable/testing. i then usually add some non-system-metal stuff from unstable like KDE, gnome, & staroffice.

    i also have a long list of external package repositories from apt-get.org. some of my systems also track ubuntu packages as well. i run ubuntu's Xorg package set on my laptop (better acceleration, maybe one day working Xorg Suspend-To-Ram on my ancient ATI mobility ). it works perfectly transparently, including xcompmgr & all.

    the nice thing about debian is it lets you mix and match very easily while resolving all dependencies very nicely & very cleanly. also, you can set up your own repository very easily to take a sample collection of packages from kingdom-come and mirror it so it looks like a somewhat cohesive single repository. with apt-build coming along nicely, you can even cleanly and efficiently maintain your own patched versions of packages as they evolve, making it easier to recompile all your programs for Heimdal kerberos instead of MIT, for classic example.

    who gives a rat about stable? just pin what you need. debian distro is really about empowering the user to whatever ends with the most direct simplicity. distros like ubuntu are there for those who just want a single clean complete desktop distro.
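
A sketch of the pinning setup described in the comment above, as an added example that is not part of the original post. The file is /etc/apt/preferences; the priority values 900, 400 and 50 are assumptions chosen for illustration, not values given in the comment.

```debcontrol
Explanation: constructed example; the priority values are illustrative
Explanation: stable outranks every other source, so it wins whenever it carries the package
Package: *
Pin: release a=stable
Pin-Priority: 900

Explanation: testing ranks below stable, so it supplies a package only when
Explanation: stable has none, or when a version is requested explicitly
Explanation: with: apt-get install <package>/testing
Package: *
Pin: release a=testing
Pin-Priority: 400

Explanation: a priority below 100 lets unstable supply a package that is not
Explanation: yet installed, but never upgrades one that is already installed
Package: *
Pin: release a=unstable
Pin-Priority: 50
```

Running apt-cache policy <package> prints the priority apt assigned to each available version, which is the quickest check that the pins behave as intended. As other comments in this thread note, testing and unstable do not get the security updates that stable does, so every package pulled from them has to be tracked for fixes by hand.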

  • by cupraman ( 830176 ) on Friday March 18, 2005 @05:22AM (#11973734) Homepage
    Debian has always made a problem for itself by using 'stable' as a version description. It's fine if you know that 'stable' means 'not likely to change much', but to most users the word implies that all other versions are 'unstable' which make them think that it's likely to crash a lot. I think a more relevant description would be 'static'.

    All servers I install are Debian and initially I used stable but now I use testing and have not had a single problem.

    For servers, Debian's great. For desktop, it's still great except that you use Knoppix or Ubuntu instead which take care of providing the latest and greatest package versions. Underneath they're still good old rock-solid Debian!
  • Re:Duh... (Score:5, Informative)

    by gnalle ( 125916 ) on Friday March 18, 2005 @05:39AM (#11973781)
    The big selling point for Ubuntu is that you can have a system that

    Has recent packages (Woody doesn't)

    Provides security upgrades (Sarge doesn't)

    Is somewhat stable (I believe that Warty is stabler than Sid)

    Many packages in Sarge are newer than their counterpart in Warty, and similarly Sid has newer packages than Hoary. However these differences are small and unimportant.

    Ubuntu has focused on a subset of the Debian archive. The packages in this subset are stable and work well. Furthermore Ubuntu has a "universe" archive that contains most of the packages in Sid. Some of the universe packages are uninstallable due to missing files. This can be bad if you are very dependent on a specific program.

  • Re:well.. (Score:3, Informative)

    by Todesmetall ( 826497 ) on Friday March 18, 2005 @05:48AM (#11973807)
    Back in the 20th century Debian was not that old.
    In fact, a new version was released roughly every 12 months, at least in the beginning. Then it took about 18 months from potato to woody, and now three years have passed since the release of woody...

  • by glomph ( 2644 ) on Friday March 18, 2005 @05:58AM (#11973829) Homepage Journal
    Umm, you sound like one of those 'sendmail sucks!' dorks. Slackware has had excellent package management (safe simple upgrades, automatically) since the 8.1 release, some years ago. Keep repeating the groupthink cliches, the Borg loves zombies who ignore facts.
  • by _Hellfire_ ( 170113 ) on Friday March 18, 2005 @06:00AM (#11973837)
    Can I install any .deb package on Ubuntu without possibly causing binary version problems? Similarly, can I build a package on Ubuntu, give it to a Debian user, and be sure that it'll work properly on their system?

    Actually...Yes. Yes you can

    In fact the system I'm writing this on is Ubuntu Warty and I have the Debian Sarge repositories loaded in my sources list. I've got quite a few Debian packages loaded on my system with no breakage whatsoever. I've heard people refer to this type of setup as "Debuntian".

    I wouldn't do anything stupid like apt-get upgrade (I comment out the Debian stuff for that) but for installing specific packages you're pretty safe.
  • by Anonymous Coward on Friday March 18, 2005 @07:01AM (#11973987)
    I mean, the difference between "stable" "testing" and "unstable" isn't just in how updated the software is. "Testing" and "unstable" don't get official and prompt security updates as "stable" does, and also testing can be pretty "unstable" if you happen to try an update on (or a fresh install of a snapshot from) the wrong day... I know, I **** up my system this way! ;-)
  • by Ulric ( 531205 ) on Friday March 18, 2005 @10:02AM (#11974680) Homepage
    Yes, "upgradepkg *.tgz" is a really, really hard way to upgrade the whole system.

    There's nothing wrong with the Slackware package management. It doesn't have dependencies; that is by design. Otherwise it's not too different from anything else, except Gentoo.

  • by Bishop ( 4500 ) on Friday March 18, 2005 @11:39AM (#11975700)
    grep -c "^Package: " /var/lib/apt/lists/ftp.debian.org_debian_dists_sid_main_binary-i386_Packages
  • We're listening .. (Score:2, Informative)

    by stevey ( 64018 ) on Friday March 18, 2005 @11:48AM (#11975798) Homepage

    Although unless you could post a subject, or the mail account you mailed from it'd be hard to tell.

    There are literally hundreds of messages going to the security@debian.org alias - and vendor sec also gets a lot of spam. This is one reason why sometimes I've lost things.

    Of course that's likely not to be what's happened to yours, maybe it just got queued up behind all the other things that we're working on.

    Does that help?

    Feel free to ping me with another copy if you like.. Actually forget I said that, I've just found your mail and I've personally not responded because of the lack of details - we already publish our private keys on our webpage so asking for them again is extra work when we've got lots to do.

    Vendor-sec / Debian can do lots of things your particular case you might think of a more appropriate person to pass it onto - obviously I don't wanna give details here.. Grr.
